msserver...wtf?

Discussion in 'malware problems & news' started by m.oreilly, Jul 10, 2008.

Thread Status:
Not open for further replies.
  1. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    just noticed this entry in startup. i see several mentions using google, but no clear solution for its removal (referenced as malware). it keeps coming back after unchecking it in msconfig/startup, and rebooting. spybot and adaware show clean, and nod...well, i don't expect it to really do anything in a situation like this. anybody have a fix?
    thanks
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    And its name is just "msserver"? Nothing else?
     
  3. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    yep. a variant of vundo. after several passes of "super anti spyware", it's still on the system. looks like a lengthy backup and reformat tonight...:doubt:
     
  4. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Not "msserver.exe", or "msserver...wtf", then?
    Have a try with MBAM, and/or try both SAS and MBAM in safe mode.
    When MBAM scans, it may prompt to restart, in order to remove locked files during reboot. If it so prompts, reboot straight away.
     
  5. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    got a copy of mbam? their ftp is down...i'll try in safe mode w/ the sas...thanks :thumb:
     
  6. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    MalwareBytes.org working fine, here, try from MajorGeeks
     
  7. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    thanks man. it appears, after doing a scan in safe mode, the sas app removed the startup entry. i'll do a rescan, as i hope that that was not all that was removed. thanks again for the help. moral: this is what can happen (malware) when downloading apps through p2p/torrents. this (digital photography software) was a very recent one, by the way...:thumb:
     
  8. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    mbam found 2 more instances of vundo. after deletion of these, and another run of mbam...big badda boom! no bugs! very happy camper here. thanks again :thumb: :cool:
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Glad it's fixed, but if you want to download applications via p2p, cracked warez etc, that's what you're going to get.
    There's plenty of freeware available for many applications (anti malware, for example ;) ) that works very well.
     
  10. m.oreilly

    m.oreilly Registered Member

    Joined:
    Dec 21, 2004
    Posts:
    30
    oh, and latest nod32 defs now detect it :thumb:
     